As the use of handheld electronic devices, such as mobile telephones and smartphones, to store and operate on personal data becomes increasingly more prevalent, the need for securing such devices with robust authentication mechanisms to prevent unauthorized entry has also increased. Traditionally, the primary means for securing handheld devices has been to require a user to enter a password in order to gain entry to programs or data stored on the device. When used as the sole means for granting or denying access to a device, a password-only approach may be considered a “single-factor” authentication scheme.
Single-factor authentication, however, may offer only modest protection against unauthorized access, since it may be necessary to obtain access to only a single authentication credential or object in order to gain access to a system. For example, if a smartphone is secured only by a password, then an unauthorized user need only obtain the password in order to gain entry to the smartphone. To address this weakness in single-factor authentication schemes, multi-factor authentication schemes have been devised whereby a user must demonstrate a right to entry using two or more separate mechanisms.
One example of a multi-factor authentication scheme is the use of a physical security token in conjunction with a password. For example, in order to gain access to a system, in addition to supplying a valid password, a user may also be required to present a security badge having a magnetic strip or a radio frequency identification (RFID) tag for scanning. Such a token-based multi-factor authentication scheme provides an additional layer of security, since an unauthorized user would not be able to gain access to the system simply by obtaining knowledge of a valid password (e.g., by glancing over an authorized user's shoulder as he or she typed the password), but would also have to obtain possession of the token associated with the password in order to gain access.
Although token-based multi-factor authentication schemes provide an additional layer of security over single-factor authentication schemes, such as purely password-driven systems, they suffer from a number of drawbacks. For example, a security token may be stolen by an unauthorized user or may be misplaced or forgotten by an authorized user, thus preventing the authorized user from gaining access to the system. Moreover, because most computers and handheld devices lack native hardware support to detect the presence of a security token, such as a magnetic strip card reader or an RFID token scanner, it is usually necessary to install separate hardware peripheral devices in order to detect presentation of a valid physical security token.
One technique that has been devised to address several flaws in token-based multi-factor authentication schemes is to use biometric information in conjunction with a second authentication factor, such as a password. In a biometric multi-factor authentication scheme, in addition to providing a valid password, a person may also be required to demonstrate that he or she is the authorized holder of the password by providing a fingerprint, retinal scan, or other biometric information sufficient to determine biological identity. Biometric multi-factor authentication schemes have an advantage over token-based multi-factor authentication schemes in that, unlike a physical security token, biometric information may not be stolen or lost by an authorized user.
However, like token-based multi-factor authentication schemes, biometric multi-factor authentication schemes also suffer from the drawback that it is often necessary to purchase and install separate peripheral hardware devices, such as fingerprint readers or retina scanners, in order to authenticate using these techniques. Not only may such peripheral devices be expensive, but their necessity prevents users from implementing biometric scanning security mechanisms using only software upgrades to existing hardware configurations.
The situation may be slightly improved using some forms of biometric scanning, such as speech recognition and facial recognition, that, in some cases, may be able to use existing hardware configurations and rely only on software upgrades to determine biological identity. However, these forms of biometric scanning, even when implemented purely by software, also suffer from a number of drawbacks. For example, the size and complexity of software needed to perform facial or speech recognition is often immense, placing large burdens on memory and processing power that may not be appropriate for or supported by simpler or smaller computing devices such as mobile telephones and smartphones.
Robust and accurate speech or facial recognition software packages may also be prohibitively expensive, making it commercially infeasible to incorporate such software into consumer devices that are intended for mass distribution at significantly cheaper prices. Moreover, because of the innumerable complexities involved in analyzing audio data representing a human voice or image data recognizing a human face, even high-end speech and facial recognition programs are often inaccurate, leading to security-vulnerable false positives or user-frustrating false negatives. For example, such analysis may be unduly sensitive to minor variations in lighting, background noise, varying vocal intonations, etc.
Therefore, there is a need for methods, systems, and computer-readable media for implementing multi-factor authentication in handheld devices, such as mobile telephones and other computers, that are able to utilize existing hardware to detect the presence of a valid physical security token using a simple software upgrade that is significantly more accurate than biometric scanning techniques and imposes a significantly lower processing and memory burden. Such a security token should also be capable of easy generation and replication using general purpose hardware and software already commercially available to users.